Archive for June, 2010

Fuzzing Negative Software Testing Videos

Videos on Fuzzing

Fuzzing 101

Mike Zusman explains fuzz testing, a special type of negative software testing.

Fuzzing 102

http://pentest.cryptocity.net/files/fuzzing/fuzzing-2.pdf


Exploitation Videos from Dino Dai Zovi

Found interesting videos on exploitation

Dino Dai Zovi’s Memory Corruption 101

Basic debugging for exploit development

http://vimeo.com/5113617

Exploitation 102

Exploit mitigations, shellcoding, and Metasploit with Dino Dai Zovi.

Update, Jailbreak & SSH to iPod Touch 2G

Today one of my office friends bought an iPod Touch 2G 8 GB. It was quite good, but it was running an old firmware version, and as the latest 4.0 has been released, I finally planned to update to the latest version. Using the latest iTunes application I was able to update to OS 4.0, which took 20 minutes.

Now the new firmware looks very nice, but I can't mess with most things, like installing custom tools. By using the http://www.ihackintosh.com/2010/06/how-to-jailbreak-your-ipod-touch-2g-using-redsn0w/ guide I was able to jailbreak and get access to Cydia, a replacement packaging and repository manager for the original Installer.app for the iPhone or iPod touch. Once I followed the above guide, I was able to jailbreak the iPod Touch with the latest firmware and had access to Cydia.

My next plan is to use Cydia packages to install SSH on the iPod Touch so that I can SSH to the device and install and configure applications. Finally I was able to SSH to the iPod Touch from my Ubuntu desktop; see the screenshot below. The main objective of the above task was to use the iPod Touch as a mobile penetration testing device. Next I will try to post on how to install tools like Metasploit, Nmap and other security tools.

Reverse Engineering for Vulnerability Analysis Videos

Reverse Engineering for Vulnerability Analysis with Aaron Portnoy and Peter Silberman.

Reverse Engineering 101

Reverse Engineering 102 part 1

Reverse Engineering 102 part 2

Source Code Auditing Videos

I was searching for more details on source code auditing and found wonderful videos by Brandon Edwards.

Introduction to Source Code Auditing by Brandon Edwards, Senior Security Researcher at McAfee.

Code Audits 101

Code Audits 102

Learning Penetration Testing skills in Today’s Chaotic World

In my previous post I was talking about vulnerable web applications for beginners. Today we will see how we can learn penetration testing skills in today’s chaotic world. Below are a few hacking and vulnerable labs/live CDs to test your penetration testing skills.

1)http://www.netwars.info/

Netwars is the ultimate online game: an adventure across the Internet. You can play as an analyst, a penetration tester, a defender, or any combination. You earn points by finding keys, moving to higher levels, capturing services such as a website, overcoming obstacles (attack techniques) and protecting resources (defensive techniques). You can see the other players’ scores and your own points scored, live, or on an overall scoreboard.

2)http://www.overthewire.org/wargames/

The OverTheWire community can help you to learn and practice security concepts in the form of fun-filled games.

3)http://sourceforge.net/projects/lampsecurity/

LAMPSecurity training is designed to be a series of vulnerable virtual machine images along with complementary documentation designed to teach Linux, Apache, PHP and MySQL security.

4) De-ICE live CDs

Intended to provide legal targets in which to practice and learn pentest skills, these LiveCDs are real servers that contain real-world challenges. Designed by professional penetration testers, each disk provides a learning opportunity to explore the world of penetration testing.
Register and download these live CDs from http://heorot.net/forums

de-ice.net-1.100-1.1.iso
de-ice.net-1.110-1.0.iso
de-ice.net-2.100-1.1.iso
hackerdemia-1.1.0.iso
pWnOS.tar.gz

5) http://p0wnlabs.com/

p0wnlabs is your place to hack, experiment and learn by doing.

Join up and you get access to online hacking challenges, exercises and virtual lab environments stocked with hacking challenges for your mind:

  • Map a system
  • Find its vulnerabilities
  • 0wn it
  • Try out new hacking tools
  • Learn new hacking tricks
  • Hone your skills

Important: don’t try these live CDs in production environments; make sure you try them out in VMware. If you know any other live CDs or projects, please comment and I will update the post.

WATOBO Web Application Toolbox

Today I was looking for good open source web application assessment tools and came across WATOBO. It is a graphical tool that runs on Ruby, very impressive, with few false positives, and it works on Windows only.

The most important advantages are:

* WATOBO has Session Management capabilities! You can define login scripts as well as logout signatures. So you don’t have to login manually each time you get logged out.
* WATOBO can perform vulnerability checks out of the box.
* WATOBO supports Inline De-/Encoding, so you don’t have to copy strings to a transcoder and back again. Just do it inside the request/response window with a simple mouse click.
* WATOBO has smart filter functions, so you can find and navigate to the most interesting parts of the application easily.
* WATOBO is written in (FX)Ruby and enables you to define your own checks
* WATOBO is free software ( licensed under the GNU General Public License Version 2)

Check the project details here:

http://sourceforge.net/projects/watobo/

Videos
http://sourceforge.net/apps/mediawiki/watobo/index.php?title=Videos

Detecting Web application firewall during Pentesting

Penetration testers have always overlooked this while testing web applications: most web applications are protected by an application firewall, and it is not so easy to find which firewall is in use. Here comes a tool, “WAFW00F”, which can fingerprint 20 WAF products; this helps a pentester to find and analyse the web application.

http://code.google.com/p/waffit/

WAFW00F allows you to fingerprint WAF products protecting a website. The tool as of now can fingerprint 20 WAF products. How can it do that? Possibly, it is looking at the following:

* Cookies – Some WAF products add their own cookie in the HTTP communication.

* Server Cloaking – Altering URLs and Response Headers.

* Response Codes – Different error codes for hostile pages/parameters values.

* Drop Action – Sending a FIN/RST packet. This can also be a false positive for an IDS/IPS.

* Pre Built-In Rules – Each WAF has different negative security signatures. A study is done of all of these WAF products.

Below is the test conducted on ModSecurity, an open source firewall.

1) punter@rtfm:~$ svn checkout waffit – Revision 11: /trunk waffit-read-only
2) punter@rtfm:~$ cd /pentest/web/waffit-read-only   (the downloaded directory)
3) punter@rtfm:~$ python wafw00f.py http://192.168.0.122

punter@rtfm:~$ python wafw00f.py http://192.168.0.122
^ ^
_ __ _ ____ _ __ _ _ ____
///7/ /.’ \ / __////7/ /,’ \ ,’ \ / __/
| V V // o // _/ | V V // 0 // 0 // _/
|_n_,’/_n_//_/ |_n_,’ \_,’ \_,’/_/
<
…’

WAFW00F – Web Application Firewall Detection Tool

By Sandro Gauci && Wendel G. Henrique

Checking http://192.168.0.122
The site http://192.168.0.122 is behind a ModSecurity
Number of requests: 5
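
To see what your own WAF deployment gives away, the first four signals listed above can be checked offline by comparing a normal response with the response to a request the WAF rejected. This is an added example, not code from WAFW00F or from the original post; the function names, the response dict layout and the sample captures are all constructed for illustration.

```python
from http.cookies import SimpleCookie

def cookie_names(headers):
    """Cookie names set by a response; headers is a list of (name, value)."""
    names = set()
    for key, value in headers:
        if key.lower() == "set-cookie":
            names.update(SimpleCookie(value).keys())
    return names

def header(headers, name):
    """First value of a header, matched case-insensitively, or None."""
    return next((v for k, v in headers if k.lower() == name.lower()), None)

def waf_signals(baseline, probe):
    """Compare a normal response with the response to a request the WAF
    should reject; return (signal, detail) pairs for what differs.
    A status of None means the connection closed with no HTTP response."""
    if probe["status"] is None:
        # Per the post, a FIN/RST can equally come from an IDS/IPS.
        return [("drop-action", "no HTTP response (WAF or IDS/IPS)")]
    found = []
    extra = cookie_names(probe["headers"]) - cookie_names(baseline["headers"])
    if extra:
        found.append(("cookies", ", ".join(sorted(extra))))
    before, after = (header(r["headers"], "Server") for r in (baseline, probe))
    if before != after:
        found.append(("server-cloaking", f"{before!r} -> {after!r}"))
    if probe["status"] != baseline["status"]:
        found.append(("response-code", f"{baseline['status']} -> {probe['status']}"))
    return found

# Constructed sample captures (not real WAF output).
BASELINE = {"status": 200, "headers": [
    ("Server", "Apache"), ("Set-Cookie", "PHPSESSID=abc123; Path=/")]}
BLOCKED = {"status": 403, "headers": [
    ("Server", "example-gateway"),
    ("Set-Cookie", "PHPSESSID=abc123; Path=/"),
    ("Set-Cookie", "example_waf_id=7f3a; Path=/; HttpOnly")]}
DROPPED = {"status": None, "headers": []}

if __name__ == "__main__":
    for name, resp in (("blocked", BLOCKED), ("dropped", DROPPED)):
        for signal, detail in waf_signals(BASELINE, resp):
            print(f"{name}: {signal}: {detail}")
```

Every pair reported for the blocked response is something the deployment could stop leaking, for example by returning the same Server header and cookie set on blocked and normal responses.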

Vulnerable Web Applications To learn Web Application Testing Skills

I have often seen that beginners who pursue a career in application security have little hands-on experience in testing web applications. Below are links that would help them learn and improve their skills in application security testing.

Vulnerable Web Applications

1) Jarlsberg App

http://jarlsberg.appspot.com/start

2) OWASP Broken Web Applications project

http://code.google.com/p/owaspbwa/wiki/ProjectSummary
Intentionally Vulnerable Applications:
•OWASP WebGoat version 5.3-SNAPSHOT (Java)
•OWASP Vicnum version 1.4 (PHP/Perl)
•Mutillidae version 1.3 (PHP)
•Damn Vulnerable Web Application version 1.06 (PHP)
•Ghost (PHP)
•Peruggia version 1.2 (PHP)
•OWASP CSRFGuard Test Application version 2.2 (Java)
•OWASP AppSensor Demo Application (Java)
•Mandiant Struts Forms (Java/Struts)
•Simple ASP.NET Forms (ASP.NET/C#)
•Simple Form with DOM Cross Site Scripting (HTML/JavaScript)

Old Versions of Real Applications:
•WordPress 2.0.0 (PHP, released December 31, 2005, downloaded from www.oldapps.com)
•phpBB 2.0.0 (PHP, released April 4, 2002, downloaded from www.oldapps.com)
•Yazd version 1.0 (Java, released February 20, 2002)

3)Web Security Dojo

http://www.mavensecurity.com/web_security_dojo/

Targets include:

•OWASP’s WebGoat
•Damn Vulnerable Web App
•Hacme Casino
•OWASP InsecureWebApp
•simple training targets by Maven Security (including REST and JSON)
Tools:

•Burp Suite (free version)
•w3af
•OWASP Skavenger
•OWASP Dirbuster
•Paros
•Webscarab
•Ratproxy
•sqlmap
•helpful Firefox add-ons

4)SPI Dynamics (live) – http://zero.webappsecurity.com/

5)Cenzic (live) – http://crackme.cenzic.com/

6)Watchfire (live) – http://demo.testfire.net/

7)Acunetix (live) – http://testphp.acunetix.com/ http://testasp.acunetix.com http://testaspnet.acunetix.com

8)PCTechtips Challenge (live) – http://pctechtips.org/hacker-challenge-pwn3d-the-login-form/

9)The Butterfly Security Project – http://sourceforge.net/projects/thebutterflytmp/files/ButterFly%20Project

10)Hacme Casino – http://www.foundstone.com/us/resources/proddesc/hacmecasino.htm

11)Hacme Bank 2.0 – http://www.foundstone.com/us/resources/proddesc/hacmebank.htm

12)Updated HackmeBank – http://www.o2-ounceopen.com/technical-info/2008/12/8/updated-version-of-hacmebank.html

14)Hacme Books – http://www.foundstone.com/us/resources/proddesc/hacmebooks.htm

15)Hacme Travel – http://www.foundstone.com/us/resources/proddesc/hacmetravel.htm

16)Hacme Shipping – http://www.foundstone.com/us/resources/proddesc/hacmeshipping.htm

17)OWASP SiteGenerator – http://www.owasp.org/index.php/Owasp_SiteGenerator

18)Moth – http://www.bonsai-sec.com/en/research/moth.php

19)Stanford SecuriBench – http://suif.stanford.edu/~livshits/securibench/

20)SecuriBench Micro – http://suif.stanford.edu/~livshits/work/securibench-micro/

21)BadStore – http://www.badstore.net/

22)WebMaven/Buggy Bank – http://www.mavensecurity.com/webmaven
